Brief
Mesalvo, a major HIS software provider from Germany, which had a pharmacy management module – Ataxe Web – needed support in modernizing their solution and adapting it to new infrastructure and regulatory requirements.
Together with the Mesalvo team, we carried out the technological transformation of the Ataxe Web module and migrated it to a cloud environment, while ensuring compliance with the Telematics Infrastructure (TI) and KBV guidelines.
Challenge
In 2022, after the introduction of regulations enabling e-prescription issuance in Germany, many software providers for medical facilities needed to adapt their systems to the new requirements of the Telematics Infrastructure. The problem was particularly complex for HIS systems using technologies that required adaptation to meet new TI standards, particularly regarding performance and security.
In this project to update Ataxe Web, we had to move the entire solution to a web-based architecture to integrate with TI. The new solution had to be accessible remotely, scalable, secure, easy to maintain, and meet strict KBV requirements for usability and functionality.
Mesalvo chose to migrate Ataxe Web to the cloud to enable faster updates, centralized management, improved availability, and to leverage robust security practices available in certified data centers – factors that are essential for operating modern hospital pharmacy systems.
List of Main Challenges
- Implementing secure communication with Telematics Infrastructure connectors, handling SMC-B and HBA cards, and data exchange with the German e-prescription system.
- Migration from a previously used Delphi-based desktop solution to a modern web application.
- Ensuring compatibility with other HIS system modules and their continued operation.
- Meeting KBV certification requirements regarding functionality, security, and documentation.
- Sensitive data management – securing patients’ medical data.
We described the above problems and others we’ve encountered with similar projects in another blog post on the most common challenges associated with implementing e-prescriptions: 4 Challenges for software vendors while implementing e-prescription in Germany
Scope of Work and Solution
In collaboration with Mesalvo’s IT department, we modernized the Ataxe Web pharmacy module. The scope of work included technological migration from a Delphi desktop application to a web application based on Spring Boot and Angular, running in an AWS cloud environment hosted in Germany, meeting strict compliance and availability requirements.
The new solution handles the complete e-prescription lifecycle, integrates with the Telematics Infrastructure and external pharmaceutical systems, while supporting compliance with German regulations (KBV). Ataxe Web is designed with geo-fencing to ensure access only from within Germany and maintains tenant separation through isolated VPN subnets per client.
In one of our recent blog posts, we describe what to consider when designing IT solutions for doctors: Design for Doctors: Legal and Usability Issues in Medical Software
As part of the project, we delivered:
- Technological migration – transition from a Delphi-based desktop application to a modern web solution using Spring Boot (backend) and Angular (frontend).
- E-prescription module implementation – handling the complete e-prescription lifecycle (creation, signing, transmission, archiving), along with taxation-related functions, in accordance with German law.
- Telematics Infrastructure integration – implementation of secure Site-to-Site VPN connections, authentication using SMC-B and HBA cards, geo-fencing, and client environment separation.
- Connection with external drug suppliers – integration with external pharmaceutical provider APIs using the MSV3 protocol.
- Drug data search and access – integration with the ABDA database and advanced full-text drug search using Apache Lucene.
- Security and authorization – data encryption in transit and at rest (including sensitive data), key management through AWS KMS, and role-based access control (RBAC). Access management is further enhanced with optional two-factor authentication.
Ataxe Web is hosted using AWS services such as ECS, EC2, RDS, Secrets Manager, and CloudWatch, using German data centers certified to C5 and other relevant standards.
The system was prepared to meet all KBV certification requirements and passed key compliance tests.
The result of our collaboration is a modern, secure and efficient application for hospital pharmacies that supports their daily operations and meets the requirements of the German healthcare system.
Lessons Learned
In summary, we can meet challenges related to implementing secure Site-to-Site VPN connections, handling medical data encryption, authentication using SMC-B and HBA cards, and integration with TI connectors:
- KBV certification – we can prepare systems for rigorous certification processes, taking care of both technical and documentation aspects.
- Legacy system migrations – we conduct or support secure system migrations for medical facilities without disrupting daily operations.
- E-prescription systems – we design complete e-prescription handling systems in accordance with German regulations, including integration with drug databases and digital signature functions.
- Telematics Infrastructure integration – Thanks to this project with Mesalvo, we gained additional practical experience in securely connecting to TI and handling SMC-B and HBA cards, in compliance with German security standards.
If you’re facing similar challenges, contact us – we’ll analyze your situation and propose a tailored solution.
People who read this article also read:
